VYPR
Medium severity6.5NVD Advisory· Published Mar 14, 2018· Updated Jun 17, 2026

CVE-2018-0924

CVE-2018-0924

Description

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941.

Affected products

2
  • Range: 2010 SP3 UR20, 2013 CU18, 2013 CU19, 2013 SP1, 2016 CU7, 2016 CU8
  • Microsoft Corporation/Exchange Serverv5
    Range: Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.